[erlang-questions] Erlang web framework

Tristan Sloughter tristan.sloughter@REDACTED
Sun Dec 11 06:49:31 CET 2011

Ah ok, yes, that makes sense. I'll give this a look. Thanks.

On Sat, Dec 10, 2011 at 11:44 PM, Andrew Berman <rexxe98@REDACTED> wrote:

> Tristan,
> I don't have code I can share with you as it's closed source, but,
> basically, I think of my Webmachine layer as a completely separate
> application from my website.  Essentially it solely provides an API to
> handle all the business logic.  As such, my front-end (i.e. the website) is
> now free to worry solely about the front-end and can be written using any
> framework or language you want.  With that in mind, I am writing a very
> AJAX-centric and HTML5 app so the front-end logic resides in the JavaScript
> (which I write in CoffeeScript).  However, because my API layer has
> security built into it, the front-end must provide credentials to use the
> API.  I don't want to store those credentials in the JavaScript and I
> didn't want to use HTML5 sessionStorage to store secure data, so I put
> Misultin between the two.  So, Misultin acts as a proxy server of sorts.  A
> request comes in, if it is a login URL or logout URL or any other "special"
> URL that needs additional processing, I have Misultin take care of it.
>  Otherwise, Misultin just forwards the request on to Webmachine and then
> forwards the response back to the front-end.  Misultin also takes care of
> the sessioning on login and logout (I do this manually) and on all other
> requests by adding the proper auth info to the Authentication header (I'm
> using OAuth 2).
> So if you look here:
> https://github.com/ostinelli/misultin/blob/master/examples/misultin_rest.erlyou can see an example of how you can intercept specific URLs and then a
> general function to capture the other URLs.  So when a request comes in, I
> do my processing and then use httpc to make a request to the API layer.
>  Then I take the result and just return it in the Misultin function.
> Does that make sense?
> --Andrew
> On Sat, Dec 10, 2011 at 6:40 PM, Tristan Sloughter <
> tristan.sloughter@REDACTED> wrote:
>> Andrew, do you have an example of using it as an intermediate between the
>> frontend and Webmachine? I was just looking through your examples and
>> couldn't find one and was hoping too. Because yes, I have Webmachine call
>> out while handling the request session information and authentication and
>> wanted to give your way a shot.
>> Thanks,
>> Tristan
>> On Sat, Dec 10, 2011 at 7:50 PM, Andrew Berman <rexxe98@REDACTED> wrote:
>>> I'm doing something similar to Tristan.  I'm using Webmachine in the
>>> backend which houses all the db, business, and security logic and using
>>> SpineJS and CoffeeScript for my front-end which communicates with
>>> Webmachine using JSON.  After writing a web app this way, I have to say
>>> that it is more difficult than most prepackaged frameworks, however, it
>>> allows you a complete separation of concern, forces you to really think
>>> about your security, and also forces you to focus on a solid, usable REST
>>> API.  The cool thing is that you are using your own REST API and if you're
>>> looking for an API for your service/web app, you can find and fix any pain
>>> points that someone else might encounter using your API.
>>> Unlike Tristan, however, I separated all my sessioning into a completely
>>> separate web app from the main Webmachine web app.  I saw the Webmachine
>>> app as something I wanted to keep as a completely standalone service and so
>>> I basically wrote an intermediate app using Misultin which proxies messages
>>> from the front-end to Webmachine adding any necessary authentication
>>> tokens, dealing with sessions, and any web security features.  As for web
>>> security, this is built into my Misultin app and I followed this guide:
>>> http://guides.rubyonrails.org/security.html.  It's pretty easy to
>>> implement them yourself.
>>> I haven't used Opa, but I have used NodeJS and I was very tempted to use
>>> it for the intermediate app.  You might want to look at Express for NodeJS
>>> if you're looking for more of a framework.
>>> Hope this helps,
>>> Andrew
>>> On Sat, Dec 10, 2011 at 2:06 PM, Tristan Sloughter <
>>> tristan.sloughter@REDACTED> wrote:
>>>> I've tried pretty much every Erlang web framework (some more than
>>>> others).
>>>> Could you explain what you mean about Lift's security, 'ajax+html
>>>> component security'?
>>>> The main frameworks are: ChicagoBoss (Railish), Nitrogen (evet-based
>>>> architecture), Zotonic (a CMS/framework in my opinion, they may just say
>>>> CMS), Erlang Web (the one I have least played with but does seem the most
>>>> OTP fitting) and Erlyweb.
>>>> I haven't personally been happy with building full projects in any of
>>>> these (though Zotonic has been GREAT for projects that just need a CMS like
>>>> my wedding website, and Chicago BOSS looks great for MVC style Erlang web
>>>> development) and now I'm doing my own which is based on Webmachine and
>>>> Batman.js with security based on resource access control using Seresye (
>>>> https://github.com/afiniate/seresye) and an Erlang security framework
>>>> Genbu.
>>>> So the idea is the client is built completely in Batman.js and
>>>> communicates (JSON) with the Webmachine based RESTful interface of the
>>>> backend (which I am greatly simplifying the necessary steps needed to
>>>> build). And then all security on the backend is based on the idea of
>>>> writing a rules engine with Seresye which will be simplified for web
>>>> resource/db use as part of Genbu (which I am moving all web session,
>>>> authentication logic from Maru to).
>>>> I hope to have the pieces for Genbu and Maru and an example, for others
>>>> to start using it, committed tomorrow or sometime this week, but
>>>> http://claimstrade.github.com/maru/ is the "idea" -- well its more
>>>> than an idea I am building this while building a real business on top of
>>>> it. So it is taking what I find I need as I build the business and then
>>>> adding it to the framework, or taking out and moving to the framework. Also
>>>> is based on a couple years of Webmachine based web development and what I
>>>> saw went wrong in some cases as we did so.
>>>> That said, and even though this is an Erlang list so I hope I'm not
>>>> yelled at :), I have to also point you at Opa (http://opalang.org/)
>>>> because I really like it for building sites. And it is very secure
>>>> and statically typed (even your frontend code is compiled and type
>>>> checked!).
>>>> Tristan
>>>> On Sat, Dec 10, 2011 at 3:41 PM, eigenfunction <emeka_1978@REDACTED>wrote:
>>>>> Hi everybody, i would loke to get my feet wet into erlang web
>>>>> development so i wanted to ask: what is the state of erlang web
>>>>> frameworks? i did google a little bit and found a couple  of
>>>>> interesting projects. But having written some web applications in
>>>>> webobjects before, security is paramount for me. I have been playing
>>>>> with "scala lift" lately and wanted to know if the erlang community
>>>>> has something of the sort, i mean easy ajax + html component security.
>>>>> Or something in the line of smaltalk seaside. Thank you very much
>>>>> indeed.
>>>>> _______________________________________________
>>>>> erlang-questions mailing list
>>>>> erlang-questions@REDACTED
>>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> erlang-questions@REDACTED
>>>> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20111210/67d2bf85/attachment.htm>

More information about the erlang-questions mailing list